package com.khotyn.heresy.controller;

import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

import com.khotyn.heresy.bean.HeresyErrorMessage;
import com.khotyn.heresy.exception.IllegalServiceParamException;
import com.khotyn.heresy.exception.IllegalUrlParamException;
import com.khotyn.heresy.service.AddCommentService;

/**
 * Add comment controller
 * 
 * @author khotyn
 * 
 */
@Controller
@RequestMapping("/addComment.html")
@SessionAttributes("validateCode")
public class AddCommentController {
	@Autowired
	private AddCommentService addCommentService;

	@RequestMapping(method = RequestMethod.POST)
	public ModelAndView onLoad(HttpSession session, HttpServletRequest request,
			@RequestParam(value = "commentContent", required = false) String commentContent,
			@RequestParam(value = "pictureID", required = false) String pictureID,
			@RequestParam(value = "ownerID", required = false) String ownerIDStr,
			@RequestParam(value = "validateCodeImg", required = false) String validateCodeImg, @ModelAttribute("validateCode") String validateCode) {
		Integer userID = (Integer) session.getAttribute("userID");

		try {
			validate(commentContent, pictureID, ownerIDStr, validateCodeImg, validateCode);
		} catch (IllegalUrlParamException e) {
			return e.getErrorModel();
		}

		if (userID == null) {
			userID = new Integer(0);
		}

		try {
			addCommentService.doService(pictureID, commentContent, userID);
		} catch (IllegalServiceParamException e) {
			return e.getErrorModel();
		}

		return new ModelAndView("redirect:/picture.html?pictureID=" + pictureID);
	}

	public void validate(String commentContent, String pictureID, String ownerIDStr, String validateCodeImg, String validateCode)
			throws IllegalUrlParamException {
		HeresyErrorMessage errorMessage = null;

		if (!NumberUtils.isDigits(pictureID) || !NumberUtils.isDigits(ownerIDStr)) {
			errorMessage = new HeresyErrorMessage("Illegal param", "Operate Failed", "/Dragonfly");
		} else if (!StringUtils.equals(validateCode, validateCodeImg)) {
			errorMessage = new HeresyErrorMessage("Wrong validate code", "Operate Failed", "picture.html?pictureID=" + pictureID);
		} else if (StringUtils.isEmpty(commentContent.trim())) {
			errorMessage = new HeresyErrorMessage("Your comment is empty", "Operate Failed", "picture.html?pictureID=" + pictureID);
		} else if (Pattern.matches("select|update|delete|exec|count|'|\"|=|;|>|<|%", commentContent)) {
			errorMessage = new HeresyErrorMessage("SQL keywords are not allowed in comment", "Operate Failed", "picture.html?pictureID=" + pictureID);
		}

		if (errorMessage != null) {
			throw new IllegalUrlParamException(errorMessage);
		}

	}
}
